Since I got a job recently I've also been starting to learn Python, but I would consider myself very basic in that. Basically I am just here asking for guidance. I don't want any help with any of the missions or anything like that, but help with what path I should go forward with, since I was once part of an ethical hacking study being done with graduates on a specially created unsecure site... but that mostly involved SQL injection, which I loved, and then some CSS attacks, which I was pretty bad at since I never really knew JavaScript. But when I come to this site it's completely different to what I expected (just started on the basic missions and I'm up to level 5, I think).

It just seems as though I've been thinking about this the completely wrong way. I know this is a bit of a jumbled up rant but I think that's a representation of how clusterfucked my brain is.

So to sum up, since this was a ramble: if you were in my position, what would you do to better yourself at this?

PS: Is the stat that between 50-80% of websites are SQLi vulnerable complete BS? Because I think in all my random sampling of sites I've only ever seen one.

Welcome. I'm by no means an expert, but as far as bettering yourself at security, I have learned a lot from this site's challenges and articles. If you get stuck on any mission there are articles for most of them that will lead you in the right direction without just telling you the answer.

Besides this site I have learned just about everything I know from Google and YouTube. I am in college now but have not even gotten to take one IT class yet. The only formal training I have is from a CompTIA A+ class I took in high school. I taught myself programming (Python, PHP, JavaScript, HTML, MySQL, C++) from online tutorials and Stackoverflow.com. Here are some great, basic PHP security tutorials: http://www.youtube.com/playlist?list=PL5F8BFE541D972472&feature=plcp

I think one of the best ways to learn more is just to mess around with stuff. I learned bash by playing around with Linux and FreeBSD. A great way to learn is to set up a "lab" with VMs and use one VM to attack another. As far as web exploits, I like to set up an Apache server (in a VM) with my own PHP on it, and exploit it. If I cannot find any I research new methods. Once I find and exploit a vulnerability, then I research how to protect against it, and patch my code. That way I learn attack and defense.

As far as the 50-80% being SQLi vulnerable, I don't know, but there are some pretty complicated exploits so just because you can't find a vulnerability doesn't mean there are not any.

CSS attacks

You attacked cascading style sheets? jk, people generally use XSS for cross-site-scripting.

You attacked cascading style sheets? jk, people generally use XSS for cross-site-scripting.

Ha, actually one of those weird coincidences, C and X being beside each other on the keyboard.

Yeah, thanks for the advice. I think becoming more educated in the languages through tutorials is the way I'll go. I think I may as well finish off with knowing the ins and outs of Python before I go off on other languages. And the worst case scenario is it won't help me at cracking but I'll at least have another tool at my disposal.

...had more time. The problem I'm finding is deciding which new area/topic/technology to spend time learning. I spend time on one, then some time later my interest switches and then I just put the previous interest on the backburner until I need it again.

LoGiCaL__ wrote: ...had more time. The problem I'm finding is deciding which new area/topic/technology to spend time learning. I spend time on one, then some time later my interest switches and then I just put the previous interest on the backburner until I need it again.

I can relate to that. Luckily for me though, I found OS design/development, haven't looked back.

Finding your one niche is quite a lot like falling in love: you'll know when you've found it.

Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook